Merge pull request #61 from pspencer53/ldap_pat
Merge in Pat's LDAP fix
This commit is contained in:
commit
d7b713bbf2
|
@ -17,3 +17,8 @@ That means you have the right to study, change, and distribute the software and
|
||||||
## Acknowledgements
|
## Acknowledgements
|
||||||
|
|
||||||
Thanks to Pat S for all his help integrating with Active Directory.
|
Thanks to Pat S for all his help integrating with Active Directory.
|
||||||
|
|
||||||
|
## Changes
|
||||||
|
|
||||||
|
09/17/2021: An error in the LDAP functionality was discovered when the proposed user name exceeded 20 characters. Unfortunately Active Directory has this limitation in the length of the sAMAccountName attribute in order to provide backward compatibility to pre-win2000 calls.
|
||||||
|
It was realized that an assumption had been made that the login name and the sAMAccountName were interchangable. This has been fixed.
|
||||||
|
|
|
@ -46,7 +46,7 @@ def find_user(query):
|
||||||
try:
|
try:
|
||||||
logger.info('Looking up user ' + query)
|
logger.info('Looking up user ' + query)
|
||||||
ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)
|
ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)
|
||||||
criteria = '(&(objectClass=user)(|(mail={})(sAMAccountName={}))(!(objectClass=computer)))'.format(query, query)
|
criteria = '(&(objectClass=user)(|(mail={})(sAMAccountName={})(userPrincipalName={}*))(!(objectClass=computer)))'.format(query, query, query)
|
||||||
results = ldap_conn.search_s(secrets.BASE_MEMBERS, ldap.SCOPE_SUBTREE, criteria, ['displayName','sAMAccountName','email'])
|
results = ldap_conn.search_s(secrets.BASE_MEMBERS, ldap.SCOPE_SUBTREE, criteria, ['displayName','sAMAccountName','email'])
|
||||||
|
|
||||||
logger.info(' Results: ' + str(results))
|
logger.info(' Results: ' + str(results))
|
||||||
|
@ -91,7 +91,7 @@ def create_user(first, last, username, email, password):
|
||||||
('objectClass', [b'top', b'person', b'organizationalPerson', b'user']),
|
('objectClass', [b'top', b'person', b'organizationalPerson', b'user']),
|
||||||
('cn', [full_name.encode()]),
|
('cn', [full_name.encode()]),
|
||||||
('userPrincipalName', [username.encode()]),
|
('userPrincipalName', [username.encode()]),
|
||||||
('sAMAccountName', [username.encode()]),
|
('sAMAccountName', [username.encode()[:20]]),
|
||||||
('givenName', [first.encode()]),
|
('givenName', [first.encode()]),
|
||||||
('sn', [last.encode()]),
|
('sn', [last.encode()]),
|
||||||
('DisplayName', [full_name.encode()]),
|
('DisplayName', [full_name.encode()]),
|
||||||
|
@ -250,6 +250,24 @@ def list_group(groupname):
|
||||||
finally:
|
finally:
|
||||||
ldap_conn.unbind()
|
ldap_conn.unbind()
|
||||||
|
|
||||||
|
def delete_user(username):
|
||||||
|
'''
|
||||||
|
Delete user; required data is sAMAccountName or userPrincipleName
|
||||||
|
'''
|
||||||
|
ldap_conn = init_ldap()
|
||||||
|
try:
|
||||||
|
logger.info('Deleting user: ' + username)
|
||||||
|
|
||||||
|
ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)
|
||||||
|
user_dn = find_user(username)
|
||||||
|
result = ldap_conn.delete_s(user_dn)
|
||||||
|
|
||||||
|
logger.info(' Result: ' + str(result))
|
||||||
|
return result
|
||||||
|
|
||||||
|
finally:
|
||||||
|
ldap_conn.unbind()
|
||||||
|
|
||||||
def is_member(groupname, username):
|
def is_member(groupname, username):
|
||||||
'''
|
'''
|
||||||
Checks to see if a user is a member of a group
|
Checks to see if a user is a member of a group
|
||||||
|
@ -305,10 +323,17 @@ def dump_users():
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
pass
|
pass
|
||||||
#print(create_user('Elon', 'Tusk', 'elon.tusk', 'elont@example.com', 'protospace*&^g87g6'))
|
print("=-=-=-=-=-=-=-=-=-=")
|
||||||
#print(find_user('tanner.collin'))
|
#print(create_user('Elon', 'Tusk', 'elon.tusk', 'elon.tusk@lab39.lab', 'protospace*&^g87g6'))
|
||||||
#print(set_password('tanner.collin', 'Supersecret@@'))
|
#print(find_user('noorullah.hussain.zada'))
|
||||||
#print(find_dn('CN=Tanner Collin,OU=MembersOU,DC=ps,DC=protospace,DC=ca'))
|
#print("----------")
|
||||||
|
#print(find_user('pat.spencer'))
|
||||||
|
print("----------")
|
||||||
|
print(find_user('elon.tusk'))
|
||||||
|
print("----------")
|
||||||
|
print(delete_user('elon.tusk'))
|
||||||
|
print("----------")
|
||||||
|
print(find_user('elon.tusk'))
|
||||||
#print("============================================================")
|
#print("============================================================")
|
||||||
#print(create_group("newgroup", "new group"))
|
#print(create_group("newgroup", "new group"))
|
||||||
#print(" ============== ")
|
#print(" ============== ")
|
||||||
|
@ -322,9 +347,10 @@ if __name__ == '__main__':
|
||||||
#print(" ============== ")
|
#print(" ============== ")
|
||||||
#print(remove_from_group('newgroup','tanner.collin'))
|
#print(remove_from_group('newgroup','tanner.collin'))
|
||||||
#print(" ============== ")
|
#print(" ============== ")
|
||||||
print(list_group('Trotec Users'))
|
#print(list_group('Trotec Users'))
|
||||||
#print(dump_users())
|
#print(dump_users())
|
||||||
|
|
||||||
#users = list_group('Laser Users')
|
#users = list_group('Laser Users')
|
||||||
#import json
|
#import json
|
||||||
#print(json.dumps(users, indent=4))
|
#print(json.dumps(users, indent=4))
|
||||||
|
(
|
Loading…
Reference in New Issue
Block a user